Why can't I connect externally to VPN on one network, but I can with two others?

*WORKS* I have set up a VPN server on a Windows 2003 server (std) by following the RRAS wizard, allowing access for a user, and then forwarding port (on the router) 1723 TCP to the server's internal IP. It works just fine. This has one network port and the router is a Linksys. It has both port-forwarding of 1723 to the server and PPTP passthrough enabled.

*WORKS* I did this same thing on another WIndows 2003 server SBS netowork and it works also. This one has one network port and a Microsoft MN-700 router. It has port forwarding enabled for 1723 TCP to the server. (PPTP pass-through is not mentioned in the config screens)

*DOES NOT WORK!* I tried the same thing on a another Windows SBS 2003 server (a third network) and I can not connect. It gets to "Verifying username and password" then says "error 721. the remote computer did not respond". This server also has one network port and has a D-Link DI-614+ router. I tried both TCP 1723 and UDP 500 forwarding to the server.

Thanks for your help.
Who is Participating?
tigermattConnect With a Mentor Commented:
The 721 error can be caused if you haven't forwarded the GRE protocol (also known as protocol 47) in your router through to the server's IP address. This, as far as I'm aware, handles the authentication for the PPTP VPN, so needs to be forwarded. However, don't get protocol 47 confused with TCP port 47, forwarding that won't do anything. On some routers, it would be enabled by enabling PPTP passthrough, so it could be the D-link router just isn't capable of it.

However, another possibility could be that it is blocked at the ISP, but if your machine manages to find the server and only fails on the verifying username and password stage, it is likely to be the GRE protocol 47 issue.
However (with reference to my previous post) it does say here http://www.dlink.com.sg/products/?pid=20 that it is capable of concurrent PPTP VPN connections. Perhaps there's a check box somewhere to tick to allow PPTP passthrough? If not, just try and see if GRE protocol 47 can be forwarded in the NAT port forwarding settings.
jmolhavaAuthor Commented:
I looked into the info you mentioned and also the D-Link page. It's also good to know what the GRE 47 actually does... never really knew other than it was needed.
From the D-Link page: They seem to have a specific way to enable the GRE protocol (just not as obvious as on the other two routers). I will try it later today and post back with the results.
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

jmolhavaAuthor Commented:
OK that did it. It works now. Thanks for the tip off with GRE and the router settings. I guess every router kinda has their own way to do it.

jmolhavaAuthor Commented:
One more thought in case anyone else has this same router:
D-Link DI-614+
See the knowledge base on their website and look at the PPTP VPN connection instructions. The GRE entry will show up only if you add the PPTP 1723 entry in 'Virtual Server'. I also had to reset the router in order for it to take effect (apply was not enough).

That's often the case - the less advanced routers are probably preconfigured to do it for you. At least it works now!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.